An Apple spokeswoman acknowledged that the company is looking into a report on software vulnerabilities that allow remote control and 'jailbreaking' of its iOS devices.

After the French security firm Vupen posted an advisory about two critical security flaws in Apple's iOS, Apple stated that they are aware of the report and investigating it, according to Reuters.

The vulnerabilities are currently being utilized by jailbreakme.com to allow users to jailbreak an iOS device and install software independent of Apple's moderated App Store. A hacker known as "comex" developed the current jailbreak exploit and claims to know other potential exploits for when the current one is patched.

The jailbreak exploit has been called both "scary" and "very beautiful work" by one security expert. Whereas previous jailbreaks have usually required users to run software on their Mac or PC, this jailbreak takes place only on the device itself.

Mobile device security has been a hot issue as of late. Vupen's advisory comes just a few days after security experts released a root kit exploit for Android phones at the Defcon hackers conference in Las Vegas. Nicholas Percoco, who developed the exploit with a colleague, said the tool "wasn't difficult" and took two weeks to build.

Mobile device security has been a hot issue as of late. Vupen's advisory comes just a few days after security experts released a root kit exploit for Android phones at the Defcon hackers conference in Las Vegas. Nicholas Percoco, who developed the exploit with a colleague, said the tool "wasn't difficult" and took two weeks to build.

Sure iPhone is broke, but so is every other smart phone. It is an industry wide problem. Videos to come.

I guess this is more of an incentive for Apple to fix this exploit as soon as possible. Had "comex" just alerted Apple of the issue, it would have taken a while before we would have a fix and possible acknowledgment of the exploit.

Anyway, this should be all behind us in a week or two from now.

Apple knows of the issue. They are working on a fix. I'm guessing they'll roll it in with iOS 4.1? If not, 4.0.2 then.
iPhone Dev team knows of the impending fix and already have a USB tethered option.

I jailbroke my iPhone 4 today, but then reverted it a couple hours later. Most of the apps that convinced me to jailbreak in the first place just didn't work. I suspect that they've not been updated for iOS4 and without any social functions like the App Store like reviews, there's no way for users to know this prior to downloading (or even after, they just appear nonfunctional).

I jailbroke my iPhone 4 today, but then reverted it a couple hours later. Most of the apps that convinced me to jailbreak in the first place just didn't work. I suspect that they've not been updated for iOS4 and without any social functions like the App Store like reviews, there's no way for users to know this prior to downloading (or even after, they just appear nonfunctional).

yeah. they all sort of work if you have enough patience. It's cool for showing people a checklist of stuff you supposedly could do though....

Whereas previous jailbreaks required users to run software on their Mac or PC, this is the first jailbreak that takes place only on the device itself.

This is actually not true - the very first public jailbreak, back before even the App Store existed, was also delivered via Mobile Safari right on the iPhone itself. I think it was even hosted by the same domain name, too.

So if I understand this right: go to a webpage that jailbreaks your phone and opens a huge security hole in your iPhone for mischief. AND you're doing it on purpose. All for a few marginally functional apps that you'll discover are crappy anyway only to revert to the original iOS anyway? Imagine a world where we all whine and complain that we couldn't jailbreak our refrigerators, microwaves, or TV's. Your phone is an appliance not your Jr. High science experiment. Go out and have a beer, meet up with some friends, play basketball, have s*x with your partner....whatever....but EVERYTHING in life is more important than jailbreaking your phone.

Malware, virus, etc..call it what you want. But it A) totally validates Apples closed system, and B) anyone dumb enough to do it deserves it.

So if I understand this right: go to a webpage that jailbreaks your phone and opens a huge security hole in your iPhone for mischief. AND you're doing it on purpose. All for a few marginally functional apps that you'll discover are crappy anyway only to revert to the original iOS anyway? Imagine a world where we all whine and complain that we couldn't jailbreak our refrigerators, microwaves, or TV's. Your phone is an appliance not your Jr. High science experiment. Go out and have a beer, meet up with some friends, play basketball, have s*x with your partner....whatever....but EVERYTHING in life is more important than jailbreaking your phone.

Malware, virus, etc..call it what you want. But it A) totally validates Apples closed system, and B) anyone dumb enough to do it deserves it.

Whatever you do, DON'T look under the bed, the boogieman might get you! And always trust the government, they know what's best for you. And big companies always have your best interest in mind, and besides, no one can do anything on their product as well as they can. I'm sooooo glad that they came up with the oh so original ideas of third party apps, background wallpaper, tethering, multitasking, and others! We didn't even know we needed them until Apple told us we did. Well maybe jailbreakers had them ALL before apple released them, but jailbreaking is so SCARY!!! // Haha, don't be afraid little sister...

This is actually not true - the very first public jailbreak, back before even the App Store existed, was also delivered via Mobile Safari right on the iPhone itself. I think it was even hosted by the same domain name, too.

I was thinking the same thing, and your right, it was the same domain. There was also a jailbreak the used the emergency phone key pad on a non-activated iPhone to hactivate and jailbreak with no computer required.

So if I understand this right: go to a webpage that jailbreaks your phone and opens a huge security hole in your iPhone for mischief. AND you're doing it on purpose. All for a few marginally functional apps that you'll discover are crappy anyway only to revert to the original iOS anyway? Imagine a world where we all whine and complain that we couldn't jailbreak our refrigerators, microwaves, or TV's. Your phone is an appliance not your Jr. High science experiment. Go out and have a beer, meet up with some friends, play basketball, have s*x with your partner....whatever....but EVERYTHING in life is more important than jailbreaking your phone.

Malware, virus, etc..call it what you want. But it A) totally validates Apples closed system, and B) anyone dumb enough to do it deserves it.

So if I understand this right: go to a webpage that jailbreaks your phone and opens a huge security hole in your iPhone for mischief. AND you're doing it on purpose. All for a few marginally functional apps that you'll discover are crappy anyway only to revert to the original iOS anyway? Imagine a world where we all whine and complain that we couldn't jailbreak our refrigerators, microwaves, or TV's. Your phone is an appliance not your Jr. High science experiment. Go out and have a beer, meet up with some friends, play basketball, have s*x with your partner....whatever....but EVERYTHING in life is more important than jailbreaking your phone.

Malware, virus, etc..call it what you want. But it A) totally validates Apples closed system, and B) anyone dumb enough to do it deserves it.

1) The hole is already there, hence the jailbreak actually working via Safari.

2) There is already an app on Cydia you can install on your jailbroken iDevice to warn you that you may be opening a PDF that could access your system.

3) There are plenty of great features one can add for their jailbroken device. For instance, there is a great paid app for your lock screen that lists pretty much any at-a-glance data you can think of which the need for unlocking your phone and accessing a half dozen different apps.

Dick Applebaum on whether the iPad is a personal computer: "BTW, I am posting this from my iPad pc while sitting on the throne... personal enough for you?"

These file format vulnerabilities are beginning to annoy me. PDF has been around for how long now? How fscking hard can it be to write a robust parser for a PDF with the amount of resources available with companies like Apple? It is nothing more than gross negligence.

Most of us employ the Internet not to seek the best information, but rather to select information that confirms our prejudices. - Nicholas D. Kristof

These file format vulnerabilities are beginning to annoy me. PDF has been around for how long now? How fscking hard can it be to write a robust parser for a PDF with the amount of resources available with companies like Apple? It is nothing more than gross negligence.

No. COMEX was just brilliant! Not to mention he and the dev team are great guys and care about the JB comunity. People that don't like it just should NOT jb.

No. COMEX was just brilliant! Not to mention he and the dev team are great guys and care about the JB comunity. People that don't like it just should NOT jb.

It's true, the JB community is a vibrant one. Unfortunately, like geohot said, it's become way too easy to JB and the 'community' is just a bunch of whiners who want the next unlock asap and the easier the better. I miss the days when unlocking or jailbreaking actually took some time and effort/skill.

Interesting, Apple plugged this hole by iOS 4.1b2, before JailbreakMe came out. Not sure if it was intentional or not, but its closed. Heres what I get when i go to the site.

It was not intentional. Apple announced the pdf part of the exploit and fixed it for OS X before this happened. I'm sure that is where they got the inspiration to do this hack for iOS. The second phase of the attack was the ingenious part. This actually required two hacks to get in.

These file format vulnerabilities are beginning to annoy me. PDF has been around for how long now? How fscking hard can it be to write a robust parser for a PDF with the amount of resources available with companies like Apple? It is nothing more than gross negligence.

It wasn't in the pdf parsing code. It was in the font rendering code. They injected a malicious font in the PDF file. Fonts actually contain interpreted code to give good results when rendering at small sizes. Apple redesigned their font architecture from the ground up a couple years ago to give significantly better performance. So they found an exploit in a relatively new system.

I was thinking the same thing, and your right, it was the same domain. There was also a jailbreak the used the emergency phone key pad on a non-activated iPhone to hactivate and jailbreak with no computer required.

The phone was also less then a year old back then and Apple wasn't going after Enterprise customers. A similar hack now is a bigger deal, but the complexity of the hack shouldn't worry enterprise customers too much. They just need to make sure their phones are patched as soon as Apple releases the fix that is already in beta on day 0. As long as it doesn't get out of hand like the over-exagerated "antennagate" issue there is nothing to worry about. Not to mention that people are less likely to go to questionable web sites on their phones then their PCs.

... I'm sooooo glad that they came up with the oh so original ideas of third party apps, background wallpaper, tethering, multitasking, and others! We didn't even know we needed them until Apple told us we did. Well maybe jailbreakers had them ALL before apple released them ...

I don't believe for a minute that Apple didn't consider or plan all of those features and more from the very beginning for their OS X platform phone, when the smartphones they'd be competing against have had them for years --jailbreakers did not invent them.

People were already used to those features and Apple has been catering to them. After all, any OS is a work in progress.

You could make the point though, that we might have had multitasking earlier if the jailbreakers hadn't taken the pressure off of Apple by essentially fragmenting the iPhone market and sucking out all of those who would've petitioned for it, as Apple goes by priorities.

I don't believe for a minute that Apple didn't consider or plan all of those features and more from the very beginning for their OS X platform phone, when the smartphones they'd be competing against have had them for years --jailbreakers did not invent them.

People were already used to those features and Apple has been catering to them. After all, any OS is a work in progress.

You could make the point though, that we might have had multitasking earlier if the jailbreakers hadn't taken the pressure off of Apple by essentially fragmenting the iPhone market and sucking out all of those who would've petitioned for it, as Apple goes by priorities.

So you are arguing that Apple has been behind all along and iOS 4 wasn't really ready but they were forced to release it anyway... I agree 100%.

So you are arguing that Apple has been behind all along and iOS 4 wasn't really ready but they were forced to release it anyway... I agree 100%.

As the newcomer, Apple was definitely behind in many areas. They could have done a hack job and get away with being "on par" with the others, much like Google did with Android, but they instead chose to do every additional feature right and worth the wait.

I think they succeeded and are now head and shoulders above the competition in every area. I just wish they had given multitasking a higher priority.

Every OS company is forced to release on a regular basis, unless they want their "longhorn" to become a "vista", so there are always features that need to be left out for the moment. As long as the OS as released is "complete" in terms of usability for the intended purpose.

In this sense, iOS was complete and usable from version 1.0 thru version 4.x

So if I understand this right: go to a webpage that jailbreaks your phone and opens a huge security hole in your iPhone for mischief. AND you're doing it on purpose. All for a few marginally functional apps that you'll discover are crappy anyway only to revert to the original iOS anyway? Imagine a world where we all whine and complain that we couldn't jailbreak our refrigerators, microwaves, or TV's. Your phone is an appliance not your Jr. High science experiment. Go out and have a beer, meet up with some friends, play basketball, have s*x with your partner....whatever....but EVERYTHING in life is more important than jailbreaking your phone.

Malware, virus, etc..call it what you want. But it A) totally validates Apples closed system, and B) anyone dumb enough to do it deserves it.

For some, jailbreaking is about geeky stuff. Fair enough.

But let's face it, a lot of people jailbreak to pirate apps. Some don't, some do.

Nevermind the "marginally functional apps", you get virtually the whole App Store, cracked and free for you to download at your whim.

So some jailbreakers might actually (just throwing this out there) have more money to buy beers, basketball shoes, and gifts for their bf/gf to keep them happy.